GNOME Bugzilla – Bug 643790
Crash in pango_font_description_hash
Last modified: 2019-03-23 20:33:30 UTC
This is the bt: Program received signal SIGSEGV, Segmentation fault. pango_font_description_hash (desc=0x117ef30) at fonts.c:786 786 hash = case_insensitive_hash (desc->family_name); (gdb) bt
+ Trace 226183
And the valgrind log: ==30000== Invalid read of size 8 ==30000== at 0x7042EFD: pango_font_description_hash (fonts.c:785) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcc0 is 0 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F5A: pango_font_description_hash (fonts.c:789) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcc8 is 8 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F5D: pango_font_description_hash (fonts.c:790) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dccc is 12 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 1 ==30000== at 0x7042F60: pango_font_description_hash (fonts.c:788) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcde is 30 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F67: pango_font_description_hash (fonts.c:787) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dce0 is 32 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F75: pango_font_description_hash (fonts.c:791) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcd0 is 16 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F83: pango_font_description_hash (fonts.c:792) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcd4 is 20 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241) ==30000== ==30000== Invalid read of size 4 ==30000== at 0x7042F8B: pango_font_description_hash (fonts.c:793) ==30000== by 0x32C6605CA3: ffi_call_unix64 (unix64.S:75) ==30000== by 0x32C66056D4: ffi_call (ffi64.c:484) ==30000== by 0x76E3B6D: _g_callable_info_invoke (gicallableinfo.c:496) ==30000== by 0x76E4CBD: g_function_info_invoke (gifunctioninfo.c:273) ==30000== by 0x13C88AFC: _wrap_g_callable_info_invoke (pygi-invoke.c:613) ==30000== by 0x32BF4E00DA: PyEval_EvalFrameEx (ceval.c:4382) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF4E02F2: PyEval_EvalFrameEx (ceval.c:4168) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E07D5: PyEval_EvalFrameEx (ceval.c:4158) ==30000== by 0x32BF4E199C: PyEval_EvalCodeEx (ceval.c:3312) ==30000== by 0x32BF46DA9B: function_call (funcobject.c:526) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF457C1E: instancemethod_call (classobject.c:2578) ==30000== by 0x32BF4490C2: PyObject_Call (abstract.c:2529) ==30000== by 0x32BF4DA246: PyEval_CallObjectWithKeywords (ceval.c:3941) ==30000== by 0x13C8EDB5: pygi_signal_closure_marshal (pygi-signal-closure.c:168) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== Address 0x1c05dcd8 is 24 bytes inside a block of size 40 free'd ==30000== at 0x4A0556E: free (vg_replace_malloc.c:366) ==30000== by 0x82E0892: g_free (gmem.c:263) ==30000== by 0x82F550E: g_slice_free1 (gslice.c:907) ==30000== by 0x7C74DF2: g_value_unset (gvalue.c:275) ==30000== by 0x57A839E: property_data_remove_values (gtkstyleproperties.c:207) ==30000== by 0x57A83E8: property_data_free (gtkstyleproperties.c:217) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x82C9174: g_hash_table_destroy (ghash.c:877) ==30000== by 0x57A818D: gtk_style_properties_finalize (gtkstyleproperties.c:359) ==30000== by 0x7C4D7B0: g_object_unref (gobject.c:2734) ==30000== by 0x57A2CEE: style_data_free (gtkstylecontext.c:693) ==30000== by 0x82C885D: g_hash_table_remove_all_nodes (ghash.c:492) ==30000== by 0x82C90DC: g_hash_table_remove_all (ghash.c:1171) ==30000== by 0x57A5D16: gtk_style_context_invalidate (gtkstylecontext.c:3285) ==30000== by 0x7C4C37D: g_closure_invoke (gclosure.c:767) ==30000== by 0x7C5E1CA: signal_emit_unlocked_R (gsignal.c:3252) ==30000== by 0x7C67AD7: g_signal_emit_valist (gsignal.c:2983) ==30000== by 0x7C67CA1: g_signal_emit (gsignal.c:3040) ==30000== by 0x5747B68: _gtk_modifier_style_set_font (gtkmodifierstyle.c:241)
btw this happens doing something like this: size = description.get_size() / Pango.SCALE if not bounds: description.set_size(max(1, (size + amount)) * Pango.SCALE) self._view.override_font(description)
My guess is however you got the description has an incorrect transfer annotation. Where is the description Python Object created?
To get the description we just do: context = self._view.get_style_context() description = context.get_font(context.get_state()) See that the annotation seems to be correct: http://git.gnome.org/browse/gtk+/tree/gtk/gtkstylecontext.c#n3573 Also you can check the gedit code here: http://git.gnome.org/browse/gedit-plugins/tree/plugins/textsize/textsize/documenthelper.py#n83
Created attachment 182522 [details] [review] copy font description we get from context.get_font before modifying it
This was your bug but admittedly something that is hard to convey in python right now. Spotted it when making a C test case. The interface pango_context.get_font() returns a const object. You need to copy it before you modify it or all hell breaks lose. C reminds you of this with warnings but as far as I can tell GI correctly markes it as transfer None but has not way of telling you that you don't actually have the right to edit it. We should ad that for every interface that returns a const type.
I should note the interface is gtk_style_context.get_font
Review of attachment 182522 [details] [review]: Thanks a lot for this. Feel free to push. I guess with the port to pygi and to GtkStyleContext we missed this, although it was quite complicated to get spotted.